Pages

Thursday 2 August 2007

webdav cadaver and SSL certificates

I ran today in a bit of a problem with cadaver (cmd line interface for WebDAV). I wanted to connect to a DAV share on a secure site that had a self-signed certificate and wanted to put the procedure in a script. Each time cadaver was asking to accept the certificate and this wasn't compatible with the fact of putting it in a script.
So after 1 hour of googling I found out that cadaver fetches the CA certs from an not well defined "ca-bundle.crt" file and that the version compiled in debian lenny (0.22.5-2) doesn't have it defined. And (what is worse) you can define the variable only at compilation time.

So if you run into the same problem. Just do this:

1) Get the cert:
echo "quit" | openssl s_client -connect host:port 2>&1 |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert

2) Added the cert to the certificates bundle file:
cat cert >> /etc/ssl/certs/ca-certificates.crt

3) Get cadaver sources:
apt-get source cadaver

4) Recompile them with the right options:
./configure --with-ca-bundle="/etc/ssl/certs/ca-certificates.crt" --with-ssl && make

5) Use the compiled version instead of the installed one in your script (or make install to install it)

6 comments:

  1. Worked like a charm!

    Thank you very much for the tips.

    bruce

    ReplyDelete
  2. Great, that was a big help for me!

    ReplyDelete
  3. I found great information from your blog,keep posting this kind of stuff ahead.thanks for share with us.

    ReplyDelete
  4. Thanks for taking the time to write this post, it's been a great help and it works brilliantly.

    ReplyDelete
  5. http://gagravarr.org/writing/openssl-certs/others.shtml

    ReplyDelete
  6. just change in cadaver.c return !yesno(); to return 1; and then make

    ReplyDelete